If it allows perfect reproduction then why is it there in the first place?
See my original post about the lock metaphor.
Downloaded media needs to be labeled as being authorized. Just like CDs and DVDs in the stores get labeled. At this level, DRM is as much consumer protection as it is protection for the publishers. It helps to prevent people from buying counterfeits.
We need to fight piracy in the courts, not in the consumer products. But we still need some form of accountability.
The only difference between some fair use and illegal copying is intent. Not a system in the world can discern that.
If it can't allow fair use while blocking unlawful reproduction then it must allow both.
You can buy lock picking books and tools easily. Yet you don't see people leaving their homes and cars unlocked because they are suddenly made worthless. Locks are good, so is DRM, when it works properly. It needs to be open, non-intrusive (for the owner) and allow fair use. Unfortunately it seems that the **AA is more interested in forcing consumers to re-purchase every album and movie they own each time a new technology comes along. Anyone who thinks that DRM is to stop pirates is uninformed. It's to stop you from taking all those DVDs, converting them to XviD and storing them on cheap mass storage. It's more profitable to slowly kill off DVDs with Bluray and force everyone to buy both Godfather movies again (Godfather III, you're nothing to me now).
I've seen worse. As a kid I got into a lot of trouble so I wound up in a shrink's office. In the waiting room on the table was a Spider-Man comic. Little did I know... It seems this was the tale of a troubled young man that is visited by Spider-Man. During this visit, Spider-Man suspects that the boy has been sexually abused. Spider-Man relates a similar story and admits that as a boy he was molested by an older man named "Skip".
It seems I've found some info on this "Skip" here.
I bet Richard Kimble wouldn't feel sorry for that kid...
Well he got the drugs part right!
Actually I've written an article describing how to do what you speak of. The only piece of the puzzle you left out is that you need to scan the system from inside Windows first. Then boot into Linux and scan the hard drive from there so you can compare the results.
The article can be found here.
The simple answer is, yes.
The complicated answer is, for a little while. The reason is that there are rootkits being developed that are designed to store themselves in your video card. The idea is that after the hard drive is reformatted the video card will load the rootkit back into the kernel. Right now it's highly unlikely.
My old site is down because I've moved away from this kind of stuff in the past. The only surviving mirror I can find is here. Basically you're just hooking accept() Winsock API in all processes and then any listening service is a potential backdoor. This is a simple user-mode method. Someone could write a more specific version for a particular service such as IIS that hooks deeper into the code that receives network data.
Hey, thanks for the mention in the article but that is a really old version you've used to test! The last version I've released publicly is AFX Windows Rootkit 2005, it's open source and can be found on http://www.rootkit.com/ the other more recent versions I've sold privately.
Now on the subject of rootkit detection. Most of these use the method based on Microsoft's Strider GhostBuster, which uses a low-level method to gather seemingly clean system information, then gathers the same information using a high-level method. The idea is that rootkits will have only hooked the high-level methods so there should be a difference in results. Whatever is listed in the low-level results and not listed in the high-level results is displayed as "hidden information". Effectively they are using the rootkit's own hiding functions against itself to detect it. If the rootkit doesn't hide itself to avoid detection it's still made itself visible.
The problem is that you put yourself in an arms race with who can hook system information at the lowest level. Luckily since we (the sysadmin) have access to the hardware and presumably the attacker does not, a hardware method of gathering system information would be the best. You can bet money that we are going to be seeing hardware level rootkit detectors sooner or later.
The final problem is that a backdoor can be hidden without using these rootkit methods. By hooking incoming socket connections we can make a hidden backdoor that creates no new processes, threads, files, registry keys or any other permanent data. I and others have released POC code already. Also, making the same attack persist after reboot is only a matter of disabling SFC and altering userinit.exe, explorer.exe or whatever you like. Your rootkit detector will come up clean every time.
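As an added example that is neither the commenter's code nor Strider GhostBuster's, here is the cross-view comparison that both the Windows-then-Linux scan mentioned earlier and the GhostBuster approach rely on, run over two constructed file listings; the mount point, the volatile-path list and the file names are assumptions.

```python
"""Cross-view rootkit detection: diff a low-level listing of the file system
(an offline scan from a Linux boot) against the high-level listing the running
Windows API reports. Entries only the low-level view shows are "hidden
information". Every path and listing below is constructed for illustration."""
import ntpath
from dataclasses import dataclass

OFFLINE_MOUNT = "\\mnt\\win\\"  # assumed mount point of the Windows volume under Linux
# Paths that legitimately differ between the two views (volatile, not hidden);
# an assumed list, to be extended per environment so real hides stand out.
VOLATILE_PREFIXES = ("c:\\pagefile.sys", "c:\\hiberfil.sys", "c:\\windows\\temp\\")


def normalize(path: str) -> str:
    """Canonicalise both views: Windows paths are case-insensitive, and the
    offline scan uses forward slashes and a mount point instead of C:\\."""
    p = path.replace("/", "\\")
    if p.lower().startswith(OFFLINE_MOUNT):
        p = "C:\\" + p[len(OFFLINE_MOUNT):]
    return ntpath.normpath(p).lower()


@dataclass(frozen=True)
class CrossViewResult:
    hidden: frozenset   # on disk, missing from the API view
    phantom: frozenset  # reported by the API, absent from the disk view


def cross_view_diff(low_level, high_level) -> CrossViewResult:
    """GhostBuster-style comparison. Its limit: a hook that hides nothing
    (e.g. an accept() hook living only in process memory) leaves no diff."""
    low = {normalize(p) for p in low_level}
    high = {normalize(p) for p in high_level}
    keep = lambda p: not p.startswith(VOLATILE_PREFIXES)
    return CrossViewResult(frozenset(filter(keep, low - high)),
                           frozenset(filter(keep, high - low)))


# Constructed offline listing: Linux boot reading the NTFS volume directly.
OFFLINE_SCAN = [
    "/mnt/win/Windows/System32/ntoskrnl.exe",
    "/mnt/win/Windows/System32/drivers/hidden_example.sys",  # constructed hidden file
    "/mnt/win/Windows/Temp/tmp1234.tmp",
    "/mnt/win/Users/alice/notes.txt",
]
# Constructed online listing: the same volume enumerated via the Windows API.
ONLINE_SCAN = [
    "C:\\Windows\\System32\\ntoskrnl.exe",
    "C:\\Windows\\Temp\\tmp5678.tmp",
    "C:\\Users\\Alice\\Notes.txt",
    "C:\\pagefile.sys",
]
```

Running `cross_view_diff(OFFLINE_SCAN, ONLINE_SCAN)` reports only the constructed driver as hidden; the temp files and pagefile differ between views but are filtered as volatile.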
Most people I know complain more about the red light cameras than speed cameras. There is nothing quite like the panic of hitting a light as it turns yellow. Do I slam on brakes and get rear-ended? Or do I gun it and get a ticket or possibly T-Boned by a Camaro?
That's what annoys me about Apple these days. They used to have a down-to-earth feel to their marketing. It was like "Hi. Welcome to Apple. We like to do things a little different than most people and we think that's ok." Now it's "We're Apple and our farts smell lovely. Won't you have a whiff?"
Just because you can't remember a time before iPods doesn't make pre-iPod mp3 players gimmicks. Like it or not, all these so called advances (what advances? the touchpad stolen from a laptop or flash stolen from USB sticks?) would have happened eventually. Only there would be a different name on the box. It's really sad when I am in Best Buy and I hear this guy say "but I thought they were all called iPods"...
NOTE: I've owned 4 iPods, 2 still alive
You mean these guys?
Can you please tell me what ISP you work for? I want to make sure I never accidentally use it.
Too bad the rest of the world is going down the drain with us!
I wrote "If Microsoft adds this stuff...". Notice the key word is add. Since autorun is already included in Windows I couldn't possibly be talking about adding that.
So hmm, what else could I be talking about? Maybe it was the "3rd party software" I mentioned that currently isn't a part of Windows? Nah... that would make too much sense!
My point is that every time Microsoft adds something to their OS that is already covered by 3rd party software they get bashed for being anti-competitive. You can't have it both ways. Either you want Windows to be all-in-one or you want a secure-by-default, stable baseline. I prefer the latter and I think Microsoft has delivered that with XP. At least as much as any other OS. I've never been hacked. Neither has anyone in my family thanks to my slipstreamed XP install.
DISCLAIMER: GNU/Linux is still much better in many, many ways but Windows isn't that Swiss cheese that many /.ers make it out to be.
If you want the ultimate phone/PDA then get the PPC-6700 from Sprint. The only thing I've found it can't do is stream audio via bluetooth to my car stereo. There is a hack for it but the playback is choppy. Supposedly there will be a firmware update to fix that but I'm not holding my breath. Though the bluetooth does allow my car stereo to act as a speaker phone. Everything else, it does perfectly.
how to disable autorun
3rd party program prompts before executing unknown code/drivers, prevents hooks, etc
If Microsoft adds this stuff by default they are being anti-competitive. If they don't then they are selling an insecure OS. Basically they are damned if they do, damned if they don't. Windows has plenty of leaks but there are plenty of ways to plug them. The days of relying on Windows to include everything for you should have ended in 2001.
Fanboy: Nobody ever claims that OS X is bulletproof and perfectly safe.
Some Guy: Uhm yea actually a sales person told me that at an Apple store.
Another Fanboy: Well it's your fault for believing him even though you just said you didn't believe him.
The level of denial and amount of dissemination among Mac users is hilarious. I guess you've got to be pretty insane to paint Microsoft as the Satan of vendor lock-in, completely ignore GNU/Linux and jump to Mac which not only locks you into software but hardware too.
"But.. but.. but... I can run Windows on my Intel Mac..."
Oh yea, the side effect of Apple jumping IBM's ship. PowerPC who? Intel has always been the best. We've always been at war with Eurasia. Anyone who thinks that wasn't done just as another bullet point on a list is fooling themselves.
Web service standards cannot be driven by the very people who profit most from non-standard solutions.
Who else has more of a reason to put forth the time, effort and money to do it?
Who would have thought beta software would have issues...especially since every other OS gets it right the first time. That's why everyone else is still at version 1.0, right?
I would never use it. I must have Firefox maximized at all times. Also my desktop has 0 icons on it so I guess I'm just anal about these kinds of things. I have to keep it uniform. The only time I would ever want to interact with 2 windows at once is dragging files from one window to another. I can already do that by dragging the files to the taskbar icon of the destination window and it automatically brings it to the front. I'm on a wide screen laptop and almost every site I visit regularly stretches to fill the entire window. There are only a few sites I visit that don't and I consider them poorly designed.
http://www.youtube.com/watch?v=Gqjhcdl8Kt8
Please show me where this brilliant insanity has ever been done before.
But if things go wrong on Linux? RTFM, you have the source, you fix it, etc etc...